<?php
include($_SERVER["DOCUMENT_ROOT"]."/bob.php");
include($_SERVER["DOCUMENT_ROOT"]."/fonctions_globales.php");
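// Open the database connection. $host, $user, $password and $database are not
// defined in this file; presumably one of the included files sets them — confirm.
$mysqli = new_mysqli($host, $user, $password, $database);

// Admin gate: only an account whose user_level is exactly 1 may go further.
// A missing or non-scalar session id is refused before any lookup, and the
// level is matched strictly, so values such as true or '1.0' (which the former
// loose != '1' comparison treated as equal to '1') no longer pass.
// NOTE(review): $_SESSION is read without a visible session_start(); this
// relies on an included file having started the session — confirm.
$gens_session_id = isset($_SESSION['id']) ? $_SESSION['id'] : null;
$gens_user_level = is_scalar($gens_session_id)
	? get_data_in_db($mysqli, "gens", "user_id", $gens_session_id, "user_level")
	: null;
if ($gens_user_level !== '1' && $gens_user_level !== 1) {
	// exit() right after the redirect header: nothing below may run for a non-admin.
	header("Location: /");
	exit();
}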
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="fr" dir="ltr"><head>
<meta charset="utf-8">
<title>Permissions</title>
<link rel="stylesheet" type="text/css" href="fourum.css">
</head>
<?php main_body($mysqli); ?><p align='center'><div class='boite'>
<a href='../index.php'>Index du fourum</a></div> <div class='boite'><a href='forums.php'>forums</a> 
</div> <div class='boite'><a href='smileys.php'>Smileys</a> 
</div> <div class='boite'><a href='rangs.php'>Rangs</a></div> <div class='boite'><a href='gens.php'>Permissions/ban</a> </div></p>
<?php
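// POST handlers for bans, private-forum access and moderator rights.
//
// NOTE(review): every handler below changes bans or permissions from a plain
// POST, and no anti-CSRF token is checked anywhere in this file. Unless an
// included file enforces one, each form on this page should carry a per-session
// token that is compared here with hash_equals() before any query runs.
//
// Values reach the SQL text only after being reduced to an int or passed
// through real_escape_string(); prepared statements would remove the remaining
// dependence on quoting, but mysqli_query_with_error() takes a finished string.

// True when the named POST field is present, is a string and is not empty.
// Array-valued fields (name[]=...) are ignored instead of reaching the helpers.
$gens_sent = function ($field) {
	return isset($_POST[$field]) && is_string($_POST[$field]) && $_POST[$field] !== "";
};

// Runs the posted field through get_num() and returns it as an int, or null
// when the result is not made of digits only. This keeps anything non-numeric
// out of the SQL text whatever get_num() (defined in an include) returns.
$gens_id = function ($field) {
	$digits = (string) get_num($_POST[$field]);
	return ctype_digit($digits) ? (int) $digits : null;
};

// Bans
// Ban a user account.
if ($gens_sent('ban_id')) {
	$ban = $gens_id('ban_id');
	// Id 0 is refused: the "Debannir ip" list on this page selects rows with
	// ban_userid='0', so a user ban on id 0 would be listed as an IP ban.
	if ($ban !== null && $ban > 0) {
		mysqli_query_with_error($mysqli, "INSERT INTO banlist(ban_userid) VALUES($ban)");
		echo "it's ok<br>";
	} else {
		echo "invalid value<br>";
	}
}

// Ban an IP address.
// NOTE(review): the value is not checked to be an address; if only literal
// addresses are meant to be banned, filter_var(..., FILTER_VALIDATE_IP) is the
// check to add — confirm that masks/wildcards are not in use first.
if ($gens_sent('ipban')) {
	$ban = $mysqli->real_escape_string(get_data_ss_tag($_POST['ipban']));
	// An empty ban_ip is how this page recognises user bans (ban_ip=''), so an
	// input that is empty after get_data_ss_tag() must not be stored.
	if ($ban !== "") {
		mysqli_query_with_error($mysqli, "INSERT INTO banlist(ban_ip) VALUES('$ban')");
		echo "it's ok<br>";
	} else {
		echo "invalid value<br>";
	}
}

// Lift an IP ban.
if ($gens_sent('deban2')) {
	$ban = $mysqli->real_escape_string(get_data_ss_tag($_POST['deban2']));
	// With an empty value the DELETE would match ban_ip='' and remove every
	// user ban at once.
	if ($ban !== "") {
		mysqli_query_with_error($mysqli, "DELETE FROM banlist WHERE ban_ip='$ban'");
		echo "it's ok<br>";
	} else {
		echo "invalid value<br>";
	}
}

// Lift a user ban.
if ($gens_sent('deban')) {
	$ban = $gens_id('deban');
	// With id 0 the DELETE would match ban_userid=0, which is how IP bans are
	// listed on this page, and would remove all of them.
	if ($ban !== null && $ban > 0) {
		mysqli_query_with_error($mysqli, "DELETE FROM banlist WHERE ban_userid=$ban");
		echo "it's ok<br>";
	} else {
		echo "invalid value<br>";
	}
}

// Access rights to private forums
// Grant a user access to a private forum; both ids must be valid.
// NOTE(review): the form only offers forums with auth_view='2', but the forum
// id is not re-checked against that list here.
if ($gens_sent('vip')) {
	$vip = $gens_id('vip');
	$forum = $gens_sent('forum') ? $gens_id('forum') : null;
	if ($vip !== null && $forum !== null) {
		mysqli_query_with_error($mysqli, "INSERT INTO forum_private(user_id, forum_id) VALUES($vip, $forum)");
		echo "it's ok<br>";
	} else {
		echo "invalid value<br>";
	}
}
// Remove one access right, identified by its row ID in forum_private.
if ($gens_sent('sup_vip')) {
	$line = $gens_id('sup_vip');
	if ($line !== null) {
		mysqli_query_with_error($mysqli, "DELETE FROM forum_private WHERE ID = $line");
		echo "it's ok<br>";
	} else {
		echo "invalid value<br>";
	}
}

// Adding and removing moderators
// Make a user moderator of a forum; both ids must be valid.
if ($gens_sent('modo')) {
	$modo = $gens_id('modo');
	$forum = $gens_sent('forum') ? $gens_id('forum') : null;
	if ($modo !== null && $forum !== null) {
		mysqli_query_with_error($mysqli, "INSERT INTO modo_perms(user_id, forum_id) VALUES($modo, $forum)");
		echo "it's ok<br>";
	} else {
		echo "invalid value<br>";
	}
}
// Remove one moderator right, identified by its row ID in modo_perms.
if ($gens_sent('sup_modo')) {
	$line = $gens_id('sup_modo');
	if ($line !== null) {
		mysqli_query_with_error($mysqli, "DELETE FROM modo_perms WHERE ID = $line");
		echo "it's ok<br>";
	} else {
		echo "invalid value<br>";
	}
}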


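// Moderation: one form to appoint a moderator to a forum, one to remove a
// moderator right.

// Escapes a value for HTML text. Entities already present are left as they are
// (double_encode = false) in case the lookup helper returns escaped text.
$gens_html = function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};

echo"<br><br>Definir un modérateur<br><br><form action='gens.php' method='post'>Pseudo : <select name='modo' class='noir'>";
// User list. get_data_propre_sortie_db() is defined in an include and is
// assumed to return HTML-safe text — confirm.
$result =  mysqli_query_with_error($mysqli, "SELECT * FROM gens ORDER BY username");
while($ligne = $result->fetch_assoc()) {
	$blaze = get_data_propre_sortie_db($ligne['username']);
	// Ids are written into the attribute as integers only.
	$option_id = (int) $ligne['user_id'];
	echo "<option value='$option_id'>$blaze";
}
echo"</select> Forum: <select name='forum' class='noir'>";
// Forum list, in display order.
$result =  mysqli_query_with_error($mysqli, "SELECT * FROM forums ORDER BY forum_order");
while($ligne = $result->fetch_assoc()) {
	$blaze = get_data_propre_sortie_db($ligne['forum_name']);
	$option_id = (int) $ligne['forum_id'];
	echo "<option value='$option_id'>$blaze";
}
echo"</select><br><input type='submit' name='bouton' value='Promure'></form><br>
Supprimer un modérateur<br><br><form action='gens.php' method='post'>Modo : <select name='sup_modo' class='noir'>";
// Existing moderator rights; the option value is the row ID in modo_perms.
$result =  mysqli_query_with_error($mysqli, "SELECT * FROM modo_perms ORDER BY user_id DESC");
while($ligne = $result->fetch_assoc()) {
	// The user name and forum name come from get_data_in_db() and were printed
	// as returned, unlike the lists above; user names are chosen by members,
	// so they are escaped before being written into this admin page.
	$blaze = $gens_html(get_data_in_db($mysqli, "gens", "user_id", $ligne['user_id'], "username"));
	$forum = $gens_html(get_data_in_db($mysqli, "forums", "forum_id", $ligne['forum_id'], "forum_name"));
	$option_id = (int) $ligne['ID'];
	echo "<option value='$option_id'>$blaze dans $forum";
}
echo"</select> <br><input type='submit' name='bouton' value='DePromure'></form><hr>";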

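// VIPs and private forums: one form to grant access to a private forum, one to
// remove an access right.

// Escapes a value for HTML text. Entities already present are left as they are
// (double_encode = false) in case the lookup helper returns escaped text.
$gens_html = function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};

echo"Donner un droit d'accès à un forum privé<br><br><form action='gens.php' method='post'>Pseudo : <select name='vip' class='noir'>";
// User list. get_data_propre_sortie_db() is defined in an include and is
// assumed to return HTML-safe text — confirm.
$result =  mysqli_query_with_error($mysqli, "SELECT * FROM gens ORDER BY username");
while($ligne = $result->fetch_assoc()) {
	$blaze = get_data_propre_sortie_db($ligne['username']);
	// Ids are written into the attribute as integers only.
	$option_id = (int) $ligne['user_id'];
	echo "<option value='$option_id'>$blaze";
}

echo"</select> Forum: <select name='forum' class='noir'>";
// Only forums with auth_view='2' are offered.
// NOTE(review): presumably that value marks a private forum — confirm.
$result =  mysqli_query_with_error($mysqli, "SELECT * FROM forums WHERE auth_view='2'");
while($ligne = $result->fetch_assoc()) {
	$blaze = get_data_propre_sortie_db($ligne['forum_name']);
	$option_id = (int) $ligne['forum_id'];
	echo "<option value='$option_id'>$blaze";
}
echo"</select><br><input type='submit' name='bouton' value='autoriser'></form><br>
Supprimer un VIP<br><br><form action='gens.php' method='post'>VIP : <select name='sup_vip' class='noir'>";
// Existing access rights; the option value is the row ID in forum_private.
$result =  mysqli_query_with_error($mysqli, "SELECT * FROM forum_private ORDER BY user_id DESC");
while($ligne = $result->fetch_assoc()) {
	// The user name and forum name come from get_data_in_db() and were printed
	// as returned, unlike the lists above; user names are chosen by members,
	// so they are escaped before being written into this admin page.
	$blaze = $gens_html(get_data_in_db($mysqli, "gens", "user_id", $ligne['user_id'], "username"));
	$forum = $gens_html(get_data_in_db($mysqli, "forums", "forum_id", $ligne['forum_id'], "forum_name"));
	$option_id = (int) $ligne['ID'];
	echo "<option value='$option_id'>$blaze dans $forum";
}
echo"</select> <br><input type='submit' name='bouton' value='DeVIP'></form><hr>";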

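// Bans: forms to ban a user or an IP address, and to lift either kind of ban.
echo "<br>BANNISSEMENT<br>
<form action='gens.php' method='post'>Pseudo : <select name='ban_id' class='noir'>";
// User list. get_data_propre_sortie_db() is defined in an include and is
// assumed to return HTML-safe text — confirm.
$result =  mysqli_query_with_error($mysqli, "SELECT * FROM gens ORDER BY username");
while($ligne = $result->fetch_assoc()) {
	$blaze = get_data_propre_sortie_db($ligne['username']);
	// Ids are written into the attribute as integers only.
	$option_id = (int) $ligne['user_id'];
	echo "<option value='$option_id'>$blaze";
}
echo"</select><br><input type='submit' name='bouton' value='Bannir'></form><br><br>
 <form action='gens.php' method='post'>IP:<input type='text' name='ipban' class='noir'><br><input
 type='submit' name='bouton' value='Bannir'></form>";

echo"<br><br><form action='gens.php' method='post'>Debannir pseudo:<select name='deban' class='noir'>";
// User bans are the banlist rows whose ban_ip is empty.
$result =  mysqli_query_with_error($mysqli, "SELECT * FROM banlist WHERE ban_ip=''");
while($ligne = $result->fetch_assoc()) {
	$option_id = (int) $ligne['ban_userid'];
	// The name comes from get_data_in_db() and was printed as returned; user
	// names are chosen by members, so it is escaped before output. Entities
	// already present are kept (double_encode = false) in case the helper
	// returns escaped text.
	$banned_name = htmlspecialchars(
		(string) get_data_in_db($mysqli, "gens", "user_id", $ligne['ban_userid'], "username"),
		ENT_QUOTES | ENT_SUBSTITUTE,
		'UTF-8',
		false
	);
	echo "<option value='$option_id'>".$banned_name;
}
echo "</select><br><input type='submit' name='bouton' value='Debannir'></form>";

echo"<br><br><form action='gens.php' method='post'>Debannir ip:<select name='deban2' class='noir'>";
// IP bans are the banlist rows whose ban_userid is 0.
$result =  mysqli_query_with_error($mysqli, "SELECT * FROM banlist WHERE ban_userid='0'");
while($ligne = $result->fetch_assoc()) {
	$ipp = get_data_propre_sortie_db($ligne['ban_ip']);
	// The stored value goes inside a single-quoted attribute, so quotes and
	// other markup characters are encoded. The browser decodes them again on
	// submit, so the posted value still equals the stored ban_ip.
	$ip_value = htmlspecialchars((string) $ligne['ban_ip'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	echo "<option value='$ip_value'>$ipp";
}
echo "</select><br><input type='submit' name='bouton' value='Debannir'></form>";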
?>
</body></html>
